This section provides detail on the AWS management services relevant to the Solution Architect Associate exam. These services are used to help you audit, monitor and evaluate your AWS infrastructure and resources. These management services form a core component of running resilient and performant architectures.
- Understand the benefits of using AWS CloudWatch and audit logs to manage your infrastructure
- Learn how to record and track API requests using AWS CloudTrail
- Learn what AWS Config is and its components
- Manage your accounts with AWS Organizations, including single sign-on with AWS SSO
- Learn how to carry out logging with CloudWatch, CloudTrail, CloudFront, and VPC Flow Logs
- Understand how to design cost-optimized architectures in AWS
- Learn about AWS data transformation tools such as AWS Glue and data visualization services like Amazon Athena and QuickSight
We've picked a few best practice examples for you to apply in your business or organization. Let's start with some common tags that are used by most organizations. Of course, these are just some ideas, and you need to use tags that fit your business case. Some common examples include:
- Cost Center or Business Unit tag. This shows where resource costs are allocated within the organization, and it also allows correct cost allocation within billing data.
- Service/Workload Name tag. This shows which service the resource belongs to.
- Resource Owner tag. This shows who is responsible for the resource.
- Simple Resource Name tag. This is something easier to read and to remember than the default tags.
- Environment tag. This determines the cost difference between different environments, for example dev, test/stage, and production.
Check your cloud and see whether these tags can help you get started with tagging. Also make sure to check AWS pre-generated tags. They might save you some time.
Now let's look at some tagging best practices. So, number one, align tags to your cost allocation strategy. Before you start tagging, you should think of a general cost management strategy. Think of tags that help you to track and allocate expenses and make those tags align with your strategy. Next, tag everything. Tag as many resources as possible so that no resource is left untagged. Make this a rule. In fact, you can roll out policies in your cloud environment that will forbid launching resources without tags.
Next, find a purpose for each tag. Think of a certain use case before adding a tag. Otherwise you will have a hard time justifying your tags and you risk running into a mess of baseless tags. That now leads me onto the next point. Limit the number of tags you adopt. Find redundancies and overlapping tags and simplify them. There's no point in releasing multiple tags that cover the same subject. Look for tags that might logically overlap. See where you might merge them and reduce the number of your overall tags. And keep it manageable. Obviously, the more tags you have, the more tags you have to deal with. Keep the number as low as necessary, but the information value as high as possible.
Next, consistency is key. Use a consistent naming convention. This helps to keep an overview and eases further processing. Giving your tags descriptive names rather than abstract ones also makes them easier to read. Automate tag management. Make use of tools like the AWS Tag Editor to automate your tagging. Avoid wasting time on repetitive tasks and use automation as much as possible. Set up policies to forbid launching untagged resources. This is an easy way to ensure that no new resources slip into your environment without a tag.
And finally, audit and maintain your tags. Make it a habit to review tags from time to time and verify their purpose. Tag maintenance is essential and should involve everyone on the team. So make it a recurring task for everyone and have everyone keep their eyes open for suggestions for improvement.
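The recurring tag audit described above can be scripted. The following is an added example, not part of the course material: it checks a resource inventory against an assumed policy and reports missing, empty, invalid, and inconsistently named tags. The required keys, the allowed Environment values, and the inventory format are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed tagging policy for this example (not from the course): required keys
# and the values allowed for the Environment tag.
REQUIRED_TAGS = {"CostCenter", "Service", "Owner", "Name", "Environment"}
ALLOWED_ENVIRONMENTS = {"dev", "test", "stage", "production"}

def normalize(key):
    """Fold case and separators so 'cost-center' and 'CostCenter' compare equal."""
    return re.sub(r"[^a-z0-9]", "", key.lower())

def audit_tags(resources):
    """Return {resource_id: [findings]} for resources that violate the policy."""
    canonical = {normalize(k): k for k in REQUIRED_TAGS}
    report = defaultdict(list)
    for res in resources:
        rid, tags = res["id"], res.get("tags", {})
        present = set()
        for key, value in tags.items():
            want = canonical.get(normalize(key))
            if want is None:
                continue  # extra tags are allowed; only required ones are checked
            if key != want:
                report[rid].append(f"inconsistent key '{key}', expected '{want}'")
            present.add(want)
            if not value.strip():
                report[rid].append(f"empty value for '{key}'")
            elif want == "Environment" and value not in ALLOWED_ENVIRONMENTS:
                report[rid].append(f"invalid Environment '{value}'")
        for missing in sorted(REQUIRED_TAGS - present):
            report[rid].append(f"missing required tag '{missing}'")
    return dict(report)

# Constructed sample inventory (hypothetical resource IDs and tag values).
SAMPLE_INVENTORY = [
    {"id": "i-0aaa", "tags": {"CostCenter": "1234", "Service": "billing",
                              "Owner": "team-a", "Name": "billing-api",
                              "Environment": "production"}},
    {"id": "i-0bbb", "tags": {"cost-center": "1234", "Service": "billing",
                              "Owner": "", "Name": "billing-worker",
                              "Environment": "prod"}},
    {"id": "vol-0ccc", "tags": {}},
]

if __name__ == "__main__":
    for rid, findings in audit_tags(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{rid}: {finding}")
```

Resources that pass every check do not appear in the report, so an empty result means the inventory is compliant with the assumed policy.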
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.